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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions and listings of claims in the application: 
Listing of Claims 

1. (Original) An Authentication, Authorization, and Accounting (AAA) server 
in a packet data network comprising: 

means for authenticating a user; 

means for authorizing a service for the user when the user accesses the network; 

and 

means for generating a session identity, said session identity comprising a 
unique random value that is opaque, unpredictable, and not simultaneously re-usable, 
wherein the means for generating a session identity includes means for structuring the 
session identity to include an identifier of the AAA server, said AAA server identifier 
being usable to route queries containing the AAA server identifier to the AAA server. 

2. (Original) The AAA server of claim 1 , further comprising: 

means for extracting from a session identity received in a query, an AAA server 
identifier for another AAA server in the packet data network; and 

means for routing the query to the other AAA server based on the extracted AAA 
server identifier. 

3. (Original) The AAA server of claim 1, wherein the means for generating a 
session identity includes means for structuring the session identity to include a session 
reference (session_ref) and a realm identifier (realmjd). 

4. (Original) The AAA server of claim 3, wherein the means for 
generating a session identity includes means for encoding the session reference such 
that the form of the session identity is: encoded session_ref."@". realmjd, where "." 
indicates concatenation. 
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5. (Original) The AAA server of claim 3, wherein the means for 
generating a session identity includes: 

means for encoding the session reference; and 

means for appending the realm identifier to the encoded session reference such 
that the form of the session identity is: encoded session_ref.realm_id. 

6. (Original) The AAA server of claim 3, wherein the means for 
generating a session identity includes: 

means for encoding the session reference; and 

means for appending the encoded session reference to the realm identifier such 
that the form of the session identity is: realmjd. encoded session_ref. 

7. (Original) The AAA server of claim 3, wherein the means for 
generating a session identity includes: 

means for encrypting the session reference and the realm identifier; and 
means for encoding the encrypted session reference and realm identifier such 
that the form of the session identity is: encoded(encrypt(session_ref.realm_id)). 

8. (Original) The AAA server of claim 3, wherein the means for 
generating a session identity includes means for concatenating the session reference 
with the realm identifier and a Keyed-Hasing Message Authentication Code (HMAC). 

9. (Original) The AAA server of claim 8, wherein the means for 
generating a session identity also includes means for encoding the concatenated 
session reference, realm identifier, and HMAC such that the form of the session identity 
is: encoded(session_ref.realm_id.HMAC). 

10. (Original) The AAA server of claim 9, wherein the means for 
generating a session identity also includes means for encrypting the concatenated 
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session reference, realm identifier, and HMAC prior to encoding such that the form of 
the session identity is: encoded(encrypt(session_ref.realm_id.HMAC)). 

11. (Original) In a packet data network having a plurality of Authentication, 
Authorization, and Accounting (AAA) servers, a system for routing queries to an 
appropriate AAA server, said system comprising: 

means for assigning a realm identifier to each of the plurality of AAA servers; 

means for creating a master session in a given AAA server; 

means within the given AAA server for generating a master session identity that 
includes a session reference and the realm identifier assigned to the given AAA server; 
and 

means within the network for routing queries based on the master session 
identity to the given AAA server. 

12. (Original) The system of claim 11, wherein the means within the network 
for routing queries includes a load balancer that receives queries based on the master 
session identity and sends the queries to a randomly selected AAA server, wherein the 
selected AAA server includes: 

means for determining whether a received query is for the selected server; 

a routing table for identifying the appropriate AAA server based on the realm 
identifier in the master session identity; and 

means for routing the queries to the identified appropriate AAA server, upon 
determining that the received query is not for the selected server. 

13. (Original) The system of claim 11, wherein the means within the network 
for routing queries includes a specialized AAA server that receives queries based on the 
master session identity and routes the queries to the appropriate AAA server, said 
specialized AAA server including: 

a routing table for identifying the appropriate AAA server based on the 
realm identifier in the master session identity; and 

means for routing the queries to the identified appropriate AAA server. 
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14. (Original) The system of claim 11, wherein the means for generating a 
master session identity also includes encoding means and encrypting means for 
encoding and encrypting the master session identity. 

15. (Original) The system of claim 11, wherein the means for generating a 
master session identity also includes encoding means for encoding the master session 
identity, and the system further comprises a border gateway that encrypts the encoded 
master session identity when the border gateway sends the master session identity to a 
user's browser. 

16. (Original) In a packet data network having a plurality of Authentication, 
Authorization, and Accounting (AAA) servers, a method of routing queries to an 
appropriate AAA server, said method comprising the steps of: 

assigning a realm identifier to each of the plurality of AAA servers; 
creating a master session in a given AAA server; 

generating by the given AAA server, a master session identity that includes a 
session reference and the realm identifier assigned to the given AAA server; and 

routing queries containing the master session identity to the given AAA 

server. 

17. (Original) The method of claim 16, wherein the step of routing queries 
includes the steps of: 

configuring each of the AAA servers with routing tables for identifying the 
appropriate AAA server based on the realm identifier in the master session identity; 

receiving a query based on the master session identity in a load balancer; 

sending the query from the load balancer to a randomly selected AAA server; 

determining in the selected AAA server, whether a received query is for the 
selected server; 

if the query is not for the selected AAA server, identifying the appropriate AAA 
server utilizing the selected AAA server's routing table; and 
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routing the query from the selected AAA server to the identified appropriate AAA 

server. 

18. (Original) The method of claim 17, wherein the step of determining in the 
selected AAA server, whether a received query is for the selected server includes the 
steps of: 

extracting a realm identifier from the master session identity received in the 
query; and 

determining whether the extracted realm identifier matches the realm identifier 
assigned to the selected AAA server. 

19. (Original) The method of claim 16, wherein the step of routing queries 
includes the steps of: 

receiving a query based on the master session identity in a specialized AAA 
server configured with a routing table that matches realm identifiers with AAA servers; 

identifying by the specialized AAA server, the appropriate AAA server based on 
the realm identifier in the master session identity; and 

routing the query to the identified appropriate AAA server. 

20. (Original) The method of claim 16, wherein the step of generating a 
master session identity includes encoding and encrypting the master session identity. 

21. (Original) The method of claim 16, wherein the step of generating a 
master session identity includes encoding the master session identity, and the method 
further comprises encrypting the encoded master session identity in a border gateway 
when the border gateway sends the master session identity to a user's browser. 

22. (Original) The method of claim 16, wherein the step of generating a 
master session identity includes encoding the master session identity and adding a 
cyclical redundancy check (CRC) value, and the method further comprises verifying in a 
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border gateway, an Internet Protocol (IP) address of a client sending a query to the 
given AAA server. 

23. (Original) In a packet data network having a plurality of Authentication, 
Authorization, and Accounting (AAA) servers, a method of routing queries to an 
appropriate AAA server, said method comprising the steps of: 

randomly generating in each of the plurality of AAA servers, a fixed-length realm 
identifier that uniquely identifies each generating AAA server; 

creating a master session in a given AAA server; 

generating by the given AAA server, a master session identity that includes a 
session reference and the realm identifier that identifies the given AAA server; and 

routing queries containing the master session identity through the network to the 
given AAA server. 
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